• E-mail
• Print
• RSS

HHS releases proposed changes to HIPAA rules

HIPAA Weekly Advisor, July 12, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The Department of Health and Human Services (HHS) released a proposed rule to modify the HIPAA privacy, security, and enforcement rules July 8, extending HIPAA compliance requirements to subcontractors of business associates and strengthening patient rights to health information privacy.

According to the Office for Civil Rights, which enforces the HIPAA privacy and security rules for HHS, the proposed "significant" modifications:

• Require BAs of HIPAA covered entities abide by most of the same rules as the covered entities
• Limit the use and disclosure of protected health information (PHI) for marketing and fund-raising purposes
• Prohibit the sale of PHI without an authorization
• Expand individuals’ rights to access their information and to restrict certain types of disclosures of PHI to health plans
• Strengthen and expand HIPAA’s enforcement rule

The Health Information Technology for Economic and Clinical Health (HITECH) Act, signed into law by President Barack Obama, February 17, 2009, mandates the HIPAA changes. HITECH was part of the $787 billion economic American Recovery and Reinvestment Act of 2009, which includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations.

HHS will receive comments for up to 60 days after the proposed rule’s July 14 publication in the Federal Register, after which it will release an interim final rule. HHS in the proposed rule says it will give covered entities and BAs 180 days after the final rule is in effect to comply with most of the provisions.

Read the full story on HIPAA Update.
 

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive